Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to determine if a user session should be SSL-only #295

Closed
skitterm opened this issue Aug 23, 2018 · 3 comments
Closed

Unable to determine if a user session should be SSL-only #295

skitterm opened this issue Aug 23, 2018 · 3 comments

Comments

@skitterm
Copy link

skitterm commented Aug 23, 2018
edited
Loading

When authenticating with the OAuth implicit grant, a ssl=true key-value pair is returned as part of the OAuth callback's hash, when the organization is HTTPS-only. Based on that I can adjust everything to be strictly HTTPS when the organization requires it.

However, when calling userSession.toCredential(), ssl is always true.

Unless I'm mistaken, that makes it impossible to determine whether or not a session should be SSL-only (without manually reading the oauth callback hash for that value, of course).

Newbie idea, but a way to let userSession know if ssl should be true || false would be to allow passing it in as a parameter in completeOAuth2()?
@tomwayson
Copy link
Member

I think the way to do that would be to add add a ssl: boolean prop to UserSession and UserSessionOptions and then as you say add it here:

arcgis-rest-js/packages/arcgis-rest-auth/src/UserSession.ts

Line 430 in af61e3e

return new UserSession({

Then update toCredential() to pull from that value.

I'd gladly accept such a pull request 😄

skitterm pushed a commit to skitterm/arcgis-rest-js that referenced this issue Sep 20, 2018
Esri#295: SSL property added to UserSession class. SSL calculated in …
a350f76 
…completeOAuth2 and used in to/fromCredential.
skitterm pushed a commit to skitterm/arcgis-rest-js that referenced this issue Sep 20, 2018
Esri#295: fetchToken returns ssl property with response.
1dba15d
@skitterm skitterm mentioned this issue Sep 20, 2018
Merged
@skitterm
Copy link
Author

PR submitted: #332

skitterm pushed a commit to skitterm/arcgis-rest-js that referenced this issue Sep 20, 2018
Esri#295: Syntax fixes.
eb96e2b
skitterm pushed a commit to skitterm/arcgis-rest-js that referenced this issue Sep 20, 2018
Esri#295: Test cases added for when ssl property/parameter is not ret…
584b0e5 
…urned or present.
@jgravois
Copy link
Contributor

resolved via #332. thanks again @skitterm 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tomwayson @jgravois @skitterm